What Marketers Need to Know About GDPR
By Mike Pinckney
What is The New General Data Protection Regulation?
We all saw how Mark Zuckerberg tried to explain the internet to Congress, but do we truly understand it ourselves?
Personal information and privacy in advertising has come to a lot of people’s attention lately because of how rapidly technology has evolved. The amount of information tech companies like Google and Facebook store per person is immense.
There are new laws coming out to protect the consumers and their personal data. One of the biggest ones is taking effect on May 25, 2018, called the General Data Protection Regulation (GDPR).
The regulation was passed by the European Union in 2016. The basis of the regulation is focused on how companies can manage and store your personal data.
The GDPR has a lot of tech companies scrambling to be in compliance.
It is estimated that less than 75% of the European companies and less than 84% of the US companies will be in compliance by that deadline. The regulation has teeth with severe financial penalties associated with it.
The big tech companies can afford to pay the fines, but it can and will be crippling to smaller companies who are out of compliance.
The GDPR applies only to EU citizens, but it is applicable to organizations anywhere in the world that collect personal data on EU citizens. There isn’t a law yet that covers consumer’s rights to this extent in the US, but it will absolutely pave the ground for future regulation.
It is currently not known how enforceable this new law will be to companies outside the EU, but the regulation is aggressively trying to protect its citizens’ data.
It will be very interesting to watch over the next several months as it will undoubtedly shape and influence US law.
5 key areas that the GDPR introduces:
- Right to access data: This simply gives people the right to know the information a company has stored on them and give them the ability to download it.
- Data portability: This is the right to ask a company to transmit their data to another competing provider.
- Right to recertification: The right to change any incorrect information about themselves that is stored by a data controller.
- Right to be forgotten: The right to delete your information and revoke consent.
- Breach notification: A requirement for data controllers and processors to notify EU citizens of a data breach inside 72 hours.
As marketers, we love the ability to target relevant content to the right people, which does help make advertising dollars more efficient and targeted. The introduction of this new regulation has some saying it’s the end of days for marketing, as we know it. I believe this to be a very aggressive stance, but it certainly will change how marketers develop their go to market strategies.
New Marketing Transparency
There should be higher degree of transparency with our information. Most of the changes that are made because of the GDPR are behind the scenes for a lot companies, but there are some policies that have become more public in the US.
I recently received an email from Instagram to review and agree to their updated terms and data policy.
The GDPR is forcing companies to use plain English to help their citizens understand what they are truly agreeing to so they can make an informed decision vs. complicated legal language and the quick “I agree” button.
I believe Facebook is proactively taking steps not because they have to in the US, but it is the right thing to do for their company. The stock has been taking a beating and transparency and their proactive approach is the best way for them to dig out.
I was impressed by on how easy it was to understand Instagram’s updated policy.
As an example, at the end of the document it said, “We never sell your data. Because the policy also covers Facebook, it includes information about facial recognition. We don’t use facial recognition technology on Instagram. If we introduce it, we’ll let you know and give you a choice.”
A choice! What a concept! The language was straightforward and in the spirit of the regulation changes that are happening with the GDPR. I clicked agree.
I was also impressed (and a little scared) with what I found when I downloaded the Facebook personal data request. I wasn’t aware until recently you could even do that. Facebook allows you to download all the information and profile data that they have stored on you.
How to Get Your Facebook Personal Data Request:
1) Click the down arrow at the top right of any Facebook page.
2) Choose Account Settings.
3) Download a copy of your Facebook data at the bottom of the page. It’s a small blue hyperlink (shown below).
It took me a second to find it, but when I did it was a fairly simple process. I do not think they make it easy for you to find, but it is available. The information only took a few minutes to obtain, but for some it could take a few days to populate.
The first thing that you will notice is folders of bucketed information that helps Facebook build out your personal data profile. What you like, where you have been, your interests, and basically everyone you have ever come in contact with in your Facebook life.
It feels whole lot like I left the front door open to my house and let them walk in.
Example of some of the folders included in the data request:
- About you
- Calls and messages
- Location history
- Search history
The list goes on and on and when you dig in you will find things that you might have known existed, but it’s a little strange when you actually see it.
In the ‘About You’ folder it has:
- Facial recognition
- Friend peer group
- Your address book
How in the world did I agree to give them the entire contact list in my phone?
In the ‘Ads’ folder it has:
- Ads interests
- Advertisers information
- Advertisers I have interacted with
The advertiser information is interesting because it consists of advertisers who run ads using a contact list they uploaded that includes contact info I shared with them or one of their data partners. I think data partner is the operative word. There are companies I recognize and ones I have zero clue about. The list is too long to cover.
The digital profile of people is widely available and consumers often just click the “I agree” button on the terms and condition because of our impatience to get to the info we want. In doing so, we open ourselves and our lives to a host of companies trying to get us to buy what they are selling.
I do not mind providing the information myself because it is what I do everyday for a career. I will always click the “I agree” button. If companies can profile me and serve relevant ads and not waste my time with things that are not necessary in my life then I am ok with it.
As a marketer the information is powerful, but power should have certain limits and choices. I find what the GDPR is doing is giving the choice back to the consumer. I would be lying if I said I wasn’t excited about how technology is evolving and how marketing is becoming more of a 1:1 conversation vs a “spray and pray” approach. We waste a lot of time and effort to people who can’t and don’t want to buy what we are marketing.
The ability to target and put relevant information in front of the right audience has tremendous impact. I think regulation is needed and welcomed and it will not be the end of days for marketing as we know it. We are simply taking a necessary step by evolving how we go to market.
As you begin prospecting on social media, set yourself up for success with the Social Media Handbook. You’ll learn the fundamentals of not just engaging in, but listening to social media conversations in order to generate new leads for your business.